DETAILED ACTION

1. This action is responsive to communications: application, filed 9/30/2003;
amendment filed 2/4/2008. 

2. Claims 1-34 are pending in the case. 

Response to Arguments 

3. Rejection of claims 1, 10, 17 and 25 under 35 U.S.C. 112, second paragraph is 
withdrawn due to applicant's amendments. 

4. Applicant's argument regarding claim rejection under 35 U.S.C. 103 has been 
fully considered, but is not persuasive. 

Applicant argues that their invention prevents profiling, while Gabber allows profiling 
user data. However, Gabber clearly states that his invention prevents profiling by the 
service providers (see col. 8 lines 51-57). Gabber teaches anonymous access to 
services of service providers (see col. 2 line 58 to col. 3 line 11). The anonymous 
access makes profiling impossible for service providers, because the real identity of the 
user is unknown. The fact that Gabber allows personalized services to be created 
should not be misinterpreted as Gabber allowing profiling. In fact, Gabber teaches how to
perform personalized service, without allowing the service provider to access user
profile. Therefore, applicant's argument that Gabber has a conceptual difference with 
the invention is not persuasive. 

The new limitations added to the independent claims have created a cause for new 
ground for rejection, the details of which are outlined in the following sections. Therefore,
all pending claims are rejected under 35 U.S.C. 103(a). 

Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 1, 2, 10, 11, 17, 18, 25, 26 rejected under 35 U.S.C. 103(a) as being
unpatentable over Xiong (US Patent No. 7,096,490, filed March 20, 2002) in view of
Gabber (US Patent No. 5,961,593, dated October 5, 1999), and further in view of
Selvarajan (US Patent Application Publication No. 2002/032649, filed April 11, 2001). 

6.1. As per claim 1, Xiong is directed to a method comprising: authenticating identity
information associated with a request received from a requestor for accessing a 
service, wherein the request is sent from the requestor to the service and intercepted 
for processing (Xiong col. 5 line 23 to col. 6 line 27, teaches a request for
authentication from the client to the ISP intercepted by an auto-configuration device 10.
Device 10 negotiates the authentication protocol and user identity and password to be 
used for authentication that is supported by both the client and the ISP); generating 
temporarily assigned identity information for the requestor (Xiong teaches presenting 
encrypted user ID and password in place of the unencrypted user ID and password for 
authentication. However, Xiong does not explicitly teach generation of a temporary 
assigned identity for the requestor. Gabber teaches generation of an alias or substitute 
identifier (temporary assigned identity) to replace the user ID (Gabber col. 11 lines 15-
37, and abstract)); updating a protected identity directory with the temporarily assigned
identity information (Gabber col. 11 line 37-53 shows that the substitute id (temporary
id) is computed based on the stored data (ID, secret domain-name), which is 
equivalent of a directory. Note that Gabber col. 12 line 8-18 teaches that keeping a 
directory to translate user data to substitute data is part of prior art); and directly 
transmitting the request and the temporarily assigned identity information to the service 
on behalf of the requester (Gabber col. 11 line 36-66), wherein the service accesses
the protected identity directory with the temporarily assigned identity information to 
authenticate the requestor for access (Gabber col. 11 lines 37-53 shows the server 
requests authentication data from proxy site 110a (which provides the temporary
assigned identity information) and receives the authentication data from the proxy), and 
wherein the temporarily assigned identity information syntax and semantic format 
recognized and expected by the service for authentication access to the service 
(Gabber's substitute ID is used to authenticate the user to the service, therefore,
matched the syntax and semantic format of the service. Also, Xiong col. 5 line 23 to
col. 6 line 27 shows that the auto-configuration device adjusts the protocol such that 
both the client and the ISP (service) support the authentication protocol). 

Gabber and Xiong are analogous art as they are both directed to facilitating 
authentication between a client and a server. At the time of invention, it would have 
been obvious to the one skilled in art to enhance Xiong's system of auto-configuring 
the authentication protocol, by adding a temporary user ID to protect the identity of the 
user. The motivation to do so would have been to protect the identity of the user and
eliminate unwanted communication as suggested by Gabber col. 1 line 20 to col. 2
line 11. 

Xiong in view of Gabber does not explicitly teach the temporary assigned identity 
information is unique to the request and expires when the request expires or when the 
requestor logs out or terminates a communication session associated with the service. 
Gabber does teach that the temporary identity for all requests to each distinct service 
provider is unique (see col. 6 line 59 to col. 7 line 17), but does not generate a unique 
ID for each and every request. Gabber also teaches keeping track of sessions between 
the user and service provider (see col. 14 lines 26-47), but does not teach expiring the 
temporary identity at the end of each session.

Selvarajan teaches a system to generate a high secure single usage e-currency-ID (see
Abstract) for performing Internet based transactions using a credit card. Selvarajan 
teaches generation of unique ID (per use), including a preset time-out, which expires 
after a predetermined time (see parag. 19). 

At the time of invention, it would have been obvious to the one skilled in art to modify 
Xiong in view of Gabber, by enhancing Gabber's system of ID generation to generate 
IDs unique to each request (per use), and expiring after a time-out period, as taught by 
system of Selvarajan. Note that Gabber teaches use of credit card for payments, while 
concealing the user credit card information, if an intermediate system, such as the 
service provider (AMERICA ONLINE) can provide its own credit card info (see Gabber 
col. 12 line 57, to col. 13 line 5). Therefore enhancing Gabber systems to accommodate 
secured credit card transactions is readily suggested by Gabber. Note that Selvarajan's 
system provides secure credit card payments by generating a unique temporary ID. 

The motivation to combine said teachings of Selvarajan with Xiong in view of Gabber 
would be increasing security such that more critical transactions, such as credit card 
payment could be accommodated. 

6.2. As per claim 2, Xiong in view of Gabber, and further in view of Selvarajan is
directed to the method of claim 1 further comprising: generating a mapping between the
identity information and the temporarily assigned identity information; and storing the
mapping in a local identity mapping store (Gabber col. 12 lines 7-17 teaches that
storing the mapping data is in the prior art. Fig. 5 and associated text shows an 
alternative embodiment, including a local proxy server, which provides mapping data 
locally. Also see col. 7 lines 25 to 40, teaching storage of identity information in a 
database or alias table). 

7. Claims 3-9, 12-16, 19-24, 27-34 rejected under 35 U.S.C. 103(a) as being 
unpatentable over Xiong (US Patent No. 7,096,490, filed March 20, 2002) in view of
Gabber (US Patent No. 5,961,593, dated October 5, 1999), and further in view of
Selvarajan (US Patent Application Publication No. 2002/032649, filed April 11, 2001), 
and further in view of Gupta (US Patent No. 6,868,448, filed March 12, 1999). 

7.1. As per claim 3, Xiong in view of Gabber, and further in view of Selvarajan is
directed to the method of claim 2 further comprising, synchronizing the local identity 
mapping store and the mapping with one or more addition local identity mapping stores 
(Gabber teaches storing the identity information in local or central directories. 
Synchronizing the local identity mapping store and the mapping with one or more 
addition local identity mapping stores was a well known attribute of distributed directory 
services systems at the time of invention. However, Gabber does not explicitly discuss 
the mentioned attribute.

Gupta teaches a Directory Service (col. 16 line 42 to col. 17 line 14), which replicates
data (entries) in several directory services distributed in different geographical areas. 
Gupta also teaches local application servers, which perform authentication and store 
the related identity information (col. 7 lines 12 to 25). The identity information stored at 
the local servers is automatically updated when the information at the remote server is 
updated. Therefore, Gupta teaches synchronizing the local identity mapping store and 
the mapping with one or more addition local identity mapping stores. 

Gupta and Gabber are analogous art, as they are both related to locating and providing 
data, resources and services to users in a distributed network. At the time of invention, 
it would have been obvious to a person skilled in art to deploy the distributed directory 
service taught by Gupta in the system of Xiong in view of Gabber and Selvarajan to 
allow access to user authentication data in a distributed network. One motivation to do 
so would have been balancing the load of directory servers as suggested in Gupta col. 
18, line 3 to 47. 

7.2. As per claim 4, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 wherein the generating further 
includes assembling an aggregate identity configuration for the requestor from one or 
more authoritative identity stores before generating the temporarily assigned identity 
information (Gabber col. 7 line 1 to col. 9 line 65 shows that the substitute ID is 
generated from a universal user ID and password combined with site specific data.
Therefore, Gabber stores a universal secret from an authoritative store before
generating substitute IDs). 

7.3. As per claim 5, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 1 further comprising, removing the 
temporarily assigned identity information from the protected identity directory after 
detecting a terminating event that terminates the authenticity of the temporarily 
assigned identity information (Gupta col. 7 lines 12 to 25). 

7.4. As per claim 6, Xiong in view of Gabber, further in view of Selvarajan, and further 
in view of Gupta is directed to the method of claim 5 further comprising recycling a 
storage space occupied by the temporarily assigned identity information for use in a 
subsequent iteration of the method (re-use of the space previously occupied by deleted 
data is standard practice in computer systems). 

7.5. As per claims 7-9, Xiong in view of Gabber, further in view of Selvarajan, and 
further in view of Gupta is directed to the method of claim 1 further comprising: 
detecting dynamic changes made on at least a portion of the identity information, 
wherein the changes are detected within the protected identity directory; and 
synchronizing the temporarily assigned identity information and other local identity 
stores with the changes and logging the changes (see response to claim 3. It is well
known in distributed directory systems to detect a change, update the information in the
main and other local directory services and log the event). 

8. Limitations of claims 10-34 are substantially the same as limitations of claims 1-9
above, and the following notes. 

8.1. Claim 21 requires the identity information to include at least one of an
identification, a password, a certificate, a token, a biometric value, a hardware value, a 
network connection value, and a time value. Gabber col. 6 lines 59-67 show the identity 
information includes a password). 

8.2. Claim 23 requires temporarily assigned identity information is randomly or 
deterministically generated. Per Gabber col. 7 lines 1-2, the character string used to 
generate the substitute ID is chosen randomly. 

8.3. Claim 29 requires the mapping is cached and accessible for subsequent uses. 
Gupta col. 11 lines 42 to 55 shows caching the data for subsequent use.

8.4. Claims 33 and 34 require direct or indirect access of the service to data store. 
Gupta Fig 4A and 4B show different combinations of architectural elements, which allow
the service provider to directly or indirectly access the directory service.

Conclusion



Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Farid Homayounmehr whose telephone number is 571
272 3739. The examiner can normally be reached on 9 hrs Mon-Fri, off Monday
biweekly. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone number
for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published
applications may be obtained from either Private PAIR or Public PAIR. Status
information for unpublished applications is available through Private PAIR only. For
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 



Farid Homayounmehr 
Examiner 
Art Unit: 2139 
/Kristine Kincaid/ 



Application/Control Number: 10/676,138

Supervisory Patent Examiner, Art Unit 2139 



